cryptnet: If the caller specifies the location of a CRL, check a cert's…

cryptnet: If the caller specifies the location of a CRL, check a cert's revocation status against it.

cryptnet: If the caller specifies the location of a CRL, check a cert's…
60ddb136 · Juan Lang · Alexandre Julliard · 44e4ac21 · 60ddb136
Commit 60ddb136 authored Nov 30, 2009 by Juan Lang Committed by Alexandre Julliard Dec 17, 2009
Hide whitespace changes
Inline Side-by-side

Showing with 28 additions and 2 deletions

cryptnet_main.c dlls/cryptnet/cryptnet_main.c +28 -2

No files found.
--- a/dlls/cryptnet/cryptnet_main.c
+++ b/dlls/cryptnet/cryptnet_main.c
@@ -1582,8 +1582,34 @@ static DWORD verify_cert_revocation(PCCERT_CONTEXT cert, DWORD index,
     0, NULL, &cbUrlArray, NULL, NULL, NULL);
    if (!ret && GetLastError() == CRYPT_E_NOT_FOUND)
    {
-        error = CRYPT_E_NO_REVOCATION_CHECK;
-        pRevStatus->dwIndex = index;
+        if (pRevPara && pRevPara->hCrlStore && pRevPara->pIssuerCert)
+        {
+            PCCRL_CONTEXT crl;
+
+            /* If the caller was helpful enough to tell us where to find a CRL
+             * for the cert, look for one and check it.
+             */
+            crl = CertFindCRLInStore(pRevPara->hCrlStore,
+             cert->dwCertEncodingType,
+             CRL_FIND_ISSUED_BY_SIGNATURE_FLAG | CRL_FIND_ISSUED_BY_AKI_FLAG,
+             CRL_FIND_ISSUED_BY, pRevPara->pIssuerCert, NULL);
+            if (crl)
+            {
+                error = verify_cert_revocation_with_crl(cert, crl, index,
+                 pTime, pRevStatus);
+                CertFreeCRLContext(crl);
+            }
+            else
+            {
+                error = CRYPT_E_NO_REVOCATION_CHECK;
+                pRevStatus->dwIndex = index;
+            }
+        }
+        else
+        {
+            error = CRYPT_E_NO_REVOCATION_CHECK;
+            pRevStatus->dwIndex = index;
+        }
    }
    else if (ret)
    {